Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] Azd down --no-prompt hangs in pipeline and does not initialise terraform #4317

Open
1 task done
markwragg opened this issue Sep 16, 2024 · 3 comments
Open
1 task done

[Issue] Azd down --no-prompt hangs in pipeline and does not initialise terraform #4317

markwragg opened this issue Sep 16, 2024 · 3 comments
Assignees
@weikanglim
Labels
customer-reported identify a customer issue needs-team-attention Issues out of a milestone question terraform
Milestone
Backlog Candidates

Comments

@markwragg
Copy link

markwragg commented Sep 16, 2024
edited
Loading

Output from azd version

azd version 1.10.1 (commit 31409a3)

Describe the bug

I am trying to setup a pipeline to tear down environments. I use Terraform as the backend. I want to be able to run azd down --preview but that option isn't available, however it looks like azd down prompts for confirmation by default, so it looks like I should be able to get a preview of the Terraform destroy by running azd down --no-prompt which i'd expect it to show the Terraform destroy plan and then stop execution because the default confirmation would be not to continue, however the pipeline task just hangs. The only way to get destroy to run in the pipeline is to use azd down --no-prompt --force. There's no way to preview the changes first.

Additionally azd down does not perform a terraform init, so running it on its own in a pipeline just throws an error "backend initialization required". I can workaround this by running azd provision --preview first but it would be nice not to have to.

To Reproduce

Setup an Azure DevOps pipeline task to run azd down --no-prompt. The task will hang.

Expected behavior

azd down --no-prompt = Should output the Terraform destroy plan and then the task should exit with no error, as if the confirmation prompt was answered with "no".

Alternatively implement an azd down --preview that when Terraform is the backend performs terraform destroy -plan.

Either should also perform a terraform init so that you don't have to unnecessarily (and confusingly) run azd provision --preview (unless there's some better alternative I'm missing here).

Environment

Azure DevOps pipeline self hosted agent running unbuntu.
Azd tasks run as Bash.

Additional context

None
@weikanglim
Copy link
Contributor

tagging @kristenwomack for terraform related awareness.

@markwragg thanks for raising this! I believe your asks are along the lines of:

  1. azd down for terraform should first do a preview of resources being deleted. It should prompt the user.
  2. azd down --no-prompt should either accept or deny the confirmation by default. The suggestion made here is to deny. I could see a different world where accept is the default -- perhaps we need to learn more about the scenario here.

Please let me know if there were things not captured above.

Regarding terraform down requiring terraform init -- I suspect that since you're running on different stages, you may want to share the backend state. See backend on how to configure this to work for your scenario.

@weikanglim weikanglim self-assigned this Sep 16, 2024
@weikanglim weikanglim added this to the Backlog Candidates milestone Sep 16, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the needs-team-attention Issues out of a milestone label Sep 16, 2024
@markwragg
Copy link
Author

Yes that pretty much covers it, except to say there's already a way to force a "yes" answer to the destroy plan (which is already output by default) as azd down has --force for that.

Regarding state, I'm already using a backend config with remote state but azd down doesn't run terraform init so it doesn't get set up like it does when you run azd provision. And I can't run terraform init directly as my backend config file has environment variables which I'm relying on azd to populate. Let me know if I'm just doing something wrong here, but I think it's setup per your documentation.

@weikanglim
Copy link
Contributor

except to say there's already a way to force a "yes" answer to the destroy plan (which is already output by default) as azd down has --force for that.

I see. Your suggestion is that azd down --no-prompt fails, but azd --no-prompt --force would accept all prompts and have it complete. I'm wondering what --no-prompt would mean in this scenario for you (and if it's redundant in your mind).

I can't run terraform init directly as my backend config file has environment variables which I'm relying on azd to populate.

You may be right here (sorry for not fully understanding the terraform details here). If time permitting, would you be able to paste a quick error message of what the error looks like, or a quick description of what you would normally run against terraform CLI directly?

My very limited understanding here is that azurerm does support environment variable configuration, so perhaps something like:

export ARM_ACCESS_KEY=your-storage-account-access-key
export ARM_RESOURCE_GROUP_NAME=your-resource-group-name
export ARM_STORAGE_ACCOUNT_NAME=your-storage-account-name
export ARM_CONTAINER_NAME=your-container-name
export ARM_KEY=path/to/your/terraform.tfstate

terraform destroy

would work. But I don't fully understand the details yet, and there may be something specific to your setup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@weikanglim weikanglim

Labels
customer-reported identify a customer issue needs-team-attention Issues out of a milestone question terraform
Projects
None yet
Milestone
Backlog Candidates
Development

No branches or pull requests
2 participants
@weikanglim @markwragg